JUST RELEASED: ATT&CK for Industrial Control Systems

Obtain domain/IP registration information

For a computing resource to be accessible to the public, domain names and IP addresses must be registered with an authorized organization. [1] [2] [3]

ID: T1251
Tactic: Technical Information Gathering
Version: 1.0
Created: 14 December 2017
Last Modified: 17 October 2018

Detection

Detectable by Common Defenses (Yes/No/Partial): No

Explanation: Open access to DNS registration/routing information is inherent in Internet architecture.

Difficulty for the Adversary

Easy for the Adversary (Yes/No): Yes

Explanation: Proliferation of DNS information makes registration information functionally freely available.

References

  1. Google Domains. (n.d.). About WHOIS. Retrieved April 2, 2017.
  2. Jeff Bardin. (2012, October 10). OSINT and Cyber Intelligence - Fun and Sun in Miami. Retrieved March 1, 2017.
  1. Gregory Scasny. (2015, September 14). Understanding Open Source Intelligence (OSINT) and its relationship to Identity Theft. Retrieved March 1, 2017.